[
https://issues.apache.org/jira/browse/XERCESC-1612?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Scott Cantor updated XERCESC-1612:
----------------------------------
Fix Version/s: (was: Nightly build (please specify the date))
> Out of bounds read in XMLUTF8Transcoder::transcodeFrom
> ------------------------------------------------------
>
> Key: XERCESC-1612
> URL: https://issues.apache.org/jira/browse/XERCESC-1612
> Project: Xerces-C++
> Issue Type: Bug
> Components: Miscellaneous
> Affects Versions: 2.7.0
> Reporter: Daniel Burr
> Priority: Trivial
>
> The test for character conversion is:
> while (*srcPtr <= 127 && srcPtr != srcEnd && outPtr != outEnd );
> This can give an error in valgrind because srcPtr is being dereferenced
> before the check is done to see if it is at the end. The error can be fixed
> with something like:
> while (srcPtr != srcEnd && *srcPtr <= 127 && outPtr != outEnd );
> --- XMLUTF8Transcoder.cpp.orig 2006-06-30 14:28:35.000000000 +1000
> +++ XMLUTF8Transcoder.cpp 2006-06-30 14:28:39.000000000 +1000
> @@ -154,8 +154,8 @@
> do
> {
> *outPtr++ = XMLCh(*srcPtr++);
> - } while (*srcPtr <= 127 &&
> - srcPtr != srcEnd &&
> + } while ( srcPtr != srcEnd &&
> + *srcPtr <= 127 &&
> outPtr != outEnd );
> memset(sizePtr,1,srcPtr - srcPtr_save);
> sizePtr += srcPtr - srcPtr_save;
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: c-dev-unsubscr...@xerces.apache.org
For additional commands, e-mail: c-dev-h...@xerces.apache.org
